Welcome to the MacNN Forums.

uochris · Nov 1, 2003, 12:22 AM

The version of Mail that ships with Mac OS X 10.3 gained the ability to sign and encrypt email messages. This is terrific news, because it allows us to verify the identity of the sender of a received email message, it allows us to verify that the message has not been tampered with in transit and finally it allows us to send encrypted email messages - in other words the ability to put an envelope and a seal on our email messages.

The website above has step by step instructions on how to obtain a secure certificate and use it with 10.3's mail.app. Check it out.

cpac · Nov 1, 2003, 12:36 AM

PGP has provided integrated plug-ins for Mail since 10.2 at least. Nice tool bar buttons for signing/encrypting/verifying/decrypting messages as they come in/go out.

Nice you can do it for free now though, even if it isn't as slick...

ablaze · Nov 1, 2003, 01:21 AM

Thanks, finally something helpfull.

Earth Mk. II · Nov 1, 2003, 12:21 PM

GPGMail has been adding this functionality to mail since at least OS X 10.1 and... oddly.. they have a more cohesive implementation.

My question about Mail's implementation is if it can grab keys off a keyserver, place your keys on a keyserver and import keys from GPG/PGP.

Actually, I think i might try this...

Arkham_c · Nov 1, 2003, 01:16 PM

Originally posted by Earth Mk. II:
GPGMail has been adding this functionality to mail since at least OS X 10.1 and... oddly.. they have a more cohesive implementation.

My question about Mail's implementation is if it can grab keys off a keyserver, place your keys on a keyserver and import keys from GPG/PGP.

Actually, I think i might try this...

They've really improved gpgmail for panther. It's very impressive and does have some keyserver integration (looking up keys on a keyserver at least).

jaydisc · Nov 1, 2003, 07:20 PM

This is fantastic. I knew it was there based upon that preference option, "Index decrypted messages...."

I'm in the process of finding a friend to test PGP compatibility. Can anyone else comment?

Arkham_c · Nov 1, 2003, 09:13 PM

Originally posted by jaydisc:
This is fantastic. I knew it was there based upon that preference option, "Index decrypted messages...."

I'm in the process of finding a friend to test PGP compatibility. Can anyone else comment?

GPG is PGP-compatible. We use it at work to encrypt files to send to customers. Most of the customers use PGP, and we load their public keys into GPG and encrypt files all the time (hundreds per day).

C.J. Moof · Nov 1, 2003, 09:47 PM

Originally posted by jaydisc:
This is fantastic. I knew it was there based upon that preference option, "Index decrypted messages...."

I'm in the process of finding a friend to test PGP compatibility. Can anyone else comment?

Jaydisc- PM me if you want to test out GPG/Panther Mail encryption. I've been meaning to test it too....

jclarkv · Nov 2, 2003, 06:33 AM

I've just set up secure e-mail for my wife and I. I used to use PGP, and as a bit of a geek, it was fun to do, but there was no way I could have gotten my wife to learn the concept of public and private keys, keyservers, etc.

I think that what is terrific about Mail in Panther is that signing and encryption is seamless. It just happens (once the certificate is added to the key chain). Receiving and reading an encrypted message is similarly seamless (when using FileVault, anyway).

For people that work with data which must be kept private (physicians, other professionals), this Panther upgrade is a must-have.

car1son · Nov 2, 2003, 10:19 AM

How hard is it for Windows users to read / verify such GPGed mail?

Gus · Nov 2, 2003, 12:06 PM

Originally posted by car1son:
How hard is it for Windows users to read / verify such GPGed mail?

Not hard at all.
I tested this and Outlook supports S/MIME out of the box. Sent a signed mail to one of my "Windows accounts" and it came through just fine with a nice graphical indication that the mail was signed (clicking the certificate graphic gives you more information about the signature).

Gus

JVB_2112 · Nov 2, 2003, 01:21 PM

Originally posted by uochris:
From http://www.joar.com/certificates/

The website above has step by step instructions on how to obtain a secure certificate and use it with 10.3's mail.app. Check it out.

Thanks for the tip. I'm now signing my mail via Panther's mail app. To bad that no one I exchange mail with signs their mail.

dscottbuch · Nov 2, 2003, 03:18 PM

Originally posted by jclarkv:
I've just set up secure e-mail for my wife and I. I used to use PGP, and as a bit of a geek, it was fun to do, but there was no way I could have gotten my wife to learn the concept of public and private keys, keyservers, etc.

I think that what is terrific about Mail in Panther is that signing and encryption is seamless. It just happens (once the certificate is added to the key chain). Receiving and reading an encrypted message is similarly seamless (when using FileVault, anyway).

For people that work with data which must be kept private (physicians, other professionals), this Panther upgrade is a must-have.

jclarkv,

Did you follow the method outlined in the link at the top of this thread or did you manage to create the required certificate some other way. I have been baffled as to how to create a 'local' certificate to allow Mail to use a key pair I generate locally. I don't particularly need 'authentication' of an authority, just encryption. I can generate key pairs with PGP freeware or event certtool but I can't attach this certificate to my e-mail address to get mail to recognize this.

I don't want to give all the personal information to Thwate even though they are nominally trustworthy so I'm trying to figure out how to use the local tools in such a way to get Mails built in functions to work.

Thanks,